Big Data and the Future of Privacy

Top News

Pew Survey: Vast Majority of Americans Feel Strongly About Privacy, Want Control Over Personal Information: The Pew Research Center has published a new privacy poll on Americans' Views About Data Collection and Security. According to the Pew survey, 74% of Americans believe control over personal information is "very important," yet only 9% believe they have such control.Americans also value having the ability to share confidential matters with another trusted person. The vast majority of Americans want limits on how long companies retain records about their activities. And 65% of American adults believe there are not adequate limits on the telephone and internet data that the government collects. (May. 20, 2015)

One of the largest health insurers in the country has lost millions of medical records of American consumers. The most recent breach of sensitive medical information shows the dangers of "Big Data" and the mistaken conclusion of the report of the Presidents Science Advisors, which simply assumed the benefits of data collection. EPIC has urged the FTC to establish data minimization procedures for companies limit the risks of data breaches.

A White House report on Big Data and Differential Pricing released today examines new forms of discrimination resulting from big data analytics. The White House explained the risks to consumers, acknowledged the failure of self-regulatory efforts, and called for greater transparency and consumer control over their personal information. Last year, EPIC and a coalition of NGOs urged the President to establish privacy protections - including "algorithmic transparency", consumer control, and robust privacy techniques - to address Big Data risks.

In a speech at the Federal Trade Commission today, President Obama called for free access to credit scores. This will improve transparency for companies that profile consumers with "big data." Last year, the White House explored "Big Data and the Future of Privacy." EPIC called for "algorithmic transparency" and urged the White House to end secret profiling that limits opportunities for consumers, employees, students, and others.

In a speech at the CES conference this week, FTC Chair Edith Ramirez warned of the privacy risks of connected home devices. "In the not-too-distant future, many, if not most, aspects of our everyday lives will be digitally observed and stored," Ramirez said. EPIC has written extensively on interconnected devices, known as the "Internet of Things." In comments to the FTC, EPIC described several risks, including the hidden collection of sensitive data. EPIC recommended that companies adopt Privacy Enhancing Techniques that minimize or eliminate the collection of personally identifiable information. For more information, see EPIC: FTC and EPIC: Big Data.

In comments to a federal agency developing a privacy research agency, EPIC expressed support for Fair Information Practices and the Consumer Privacy Bill of Rights. EPIC also recommended research on Privacy Enhancing Technologies ("PETs") that "minimize or eliminate the collection of personally identifiable information." EPIC highlighted current privacy issues including identity theft, security breaches, financial fraud, and the increasing use of predictive analytics in big data analysis. Earlier this year, EPIC submitted comments on "Big Data and the Future of Privacy" and called for the end of opaque algorithmic profiling. The White House's subsequent report on Big Data and the Future of Privacy incorporated several recommendations from EPIC and other privacy organizations. For more information, see EPIC: Big Data and the Future of Privacy.

Speaking to delegates at the OECD Global Forum for the Knowledge Economy in Tokyo, EPIC President Marc Rotenberg urged OECD member countries to endorse "algorithmic transparency," the principle that data processes that impact individuals be made public. Mr. Rotenberg explained that companies are too secretive about what they collect and how they use personal data. Mr. Rotenberg also spoke about the growing risk of identity theft and cited the recent data breaches at Target, Home Depot, and JP Morgan, and urged OECD countries to update privacy laws. Earlier this year, EPIC submitted extensive comments on the White House's review of "Big Data and the Future of Privacy." EPIC called for the swift enactment of the Consumer Privacy Bill of Rights and the end of opaque algorithmic profiling. For more information, see EPIC - Big Data, The Public Voice, CSISAC.

The White House has released a report on big data and the future of privacy. The report "Big Data: Seizing Opportunities, Preserving Values" makes several recommendations to the President: "(1) advance the Consumer Privacy Bill of Rights; (2) pass national data breach legislation; (3) extend privacy protections to non-U.S. persons; (4) ensure data collected on students in schools is used for educational purposes; (5) expand technical expertise to stop discrimination; and (6) amend the Electronic Communications Privacy Act." The report identifies discrimination as a key concern, stating "A significant finding of this report is that big data analytics have the potential to eclipse longstanding civil rights protections in how personal information is used in housing, credit, employment, health, education, and the marketplace." The report also recommends the adoption of Privacy Enhancing Technologies. EPIC urged public participation in the review process. The White House report incorporates several recommendations from EPIC and other privacy organizations. For more information, see EPIC: Big Data and the Future of Privacy, EPIC: "Privacy in the Commercial World."

In a letter to the White House, a coalition of US organizations urged the Administration to recognize the recent opinion by the Court of Justice, the highest court in Europe, that ended a European data retention mandate. The European law required telephone and internet companies to retain metadata on customers for national security purposes. The European Court of Justice ruled that this practice violates the fundamental right to privacy and is illegal. The US groups argue that the opinion "bears directly on the White House's review of the NSA Telephone Records Collection Program and also the White House study of Big Data and the Future of Privacy." The groups urged the White House to 1) recognize the Court's decision in its upcoming report on big data and privacy; and 2) end the NSA telephone record collection program. The letter states that the decision by European Court "is the most significant legal opinion from any court in the world on the risks of big data and the ongoing importance of privacy protection." Last year EPIC, joined by dozens of legal scholars and former members of the Church Committee, urged the US Supreme Court to find the NSA's telephone record collection program unlawful. More recently, EPIC submitted extensive comments warning the White House of the enormous risks of current big data practices. For more information, see EPIC: Data Retention and EPIC: Big Data and the Future of Privacy.

A federal judge has ruled that the Federal Trade Commission has the power to enforce data security standards. In the case FTC v. Wyndham, the Commission alleged that criminals stole hundreds of thousands of credit card numbers from hotel guests because Wyndham Hotels maintained lax data security. Wyndham responded that the FTC could not bring an enforcement action against the company without first publishing regulations. Judge Esther Salas held that the FTC's authority to investigate "unfair or deceptive" business practices included data protection. FTC Chairwoman Edith Ramirez stated earlier, "Companies should take reasonable steps to secure sensitive consumer information. When they do not, it is not only appropriate, but critical, that the FTC take action on behalf of consumers." For more information, see EPIC: Federal Trade Commission, and EPIC: Big Data and the Future of Privacy.

The Government Accountability Office has issued a report, warning that federal agencies "have not been consistent or fully effective in responding to data breaches." The GAO found that "the number of reported information security incidents involving personally identifiable information has more than doubled over the last several years." The report further states, "the increasing number of cyber incidents at federal agencies, many involving the compromise of personally identifiable information, highlights the need for focused agency action to ensure the security of the large amount of sensitive personal information collected by the federal government." EPIC recently warned the White House about the enormous risks to Americans of current "big data" practices. EPIC and more than 20 organizations have urged the Administrations to establish strong privacy safeguards and improve accountability across the government and private sector. For more information, see EPIC: Big Data and the Future of Privacy.

In response to a request from the White House, EPIC has submitted extensive comments on "Big Data and the Future of Privacy." EPIC warned the White House about the enormous risk to Americans of current "big data" practices but also made clear that problems are not new, citing the Privacy Act of 1974 which responded to the challenges of "data banks." EPIC noted the dramatic increases in identity theft and security breaches. EPIC called for the swift enactment of the Consumer Privacy Bill of Rights and the end of opaque algorithmic profiling. EPIC wrote "It is vitally important to update current privacy laws to minimize collection, secure the information that is collected, and prevent abuses of predictive analytics." EPIC and more than 20 organizations previously urged the White House to establish privacy protections for user data that is being gathered by large companies and government agencies. A report from the White House is expected on April 17. For more information, see EPIC: Big Data and the Future of Privacy.

EPIC along with more than 20 other organizations sent comments to the White House on "Big Data and the Future of Privacy." The organization urged the President to establish new safeguards for organizations collecting "big data" including transparency, accountability, robust privacy techniques, and meaningful evaluation. The groups also urged the President to enact the Consumer Privacy Bill of Rights. The incidents of security beaches and identity theft continue to increase in the United States. Meanwhile a new report reveals that consumers are secretly scored by businesses. And the President recently decided to renew the NSA's ineffective telephone record collection program. The White House agreed to accept public comments after EPIC and two dozen organizations petitioned the Office of Science and Technology Policy. The White House has sponsored several conferences on Big Data and the Future of Privacy, though some of the meeting have been closed to the public. A report from the White House is expected on April 17. For more information, see EPIC: Big Data and the Future of Privacy.

The White House is requesting public comments on the Obama Administration's "Big Data and the Future of Privacy" review. EPIC, joined by 24 consumer privacy, public interest, scientific, and educational organizations petitioned the Office of Science and Technology Policy last month to accept public comments. The petition stated, "The public should be given the opportunity to contribute to the OSTP's review of 'Big Data and the Future of Privacy' since it is their information that is being collected and their privacy and their future that is at stake." The letter sets out several important questions, including whether current laws are adequate and whether it is possible to maximize the benefits of big data while minimizing the risks to privacy. Comments are due by March 31, 2014. For more information, see EPIC: Big Data and the Future of Privacy.

EPIC, joined by 24 consumer privacy, public interest, scientific, and educational organizations petitioned the White House's Office of Science and Technology Policy to accept public comments on the Big Data and The Future of Privacy study now underway. The Office's primary function is to advise the President on scientific and technological issues. The President announced the Big Data review during a recent speech on NSA reform. The petition calls on the Office of Science and Technology Policy to incorporate the concerns and opinions of the public and lays out a number of important questions to consider, including whether current laws are adequate and also whether it is possible to maximize the benefits of big data while minimizing the risks to privacy. For more information, see EPIC: Privacy and Consumer Profiling.

Following the President's speech on reform of the intelligence collection programs, White House counselor John Podesta has announced "a comprehensive review of the way that 'big data will affect the way we live and work; the relationship between government and citizens; and how public and private sectors can spur innovation and maximize the opportunities and free flow of this information while minimizing the risks to privacy." This is the first major privacy initiative announced by the White House since the release of the Consumer Privacy Bill of Rights in 2012. The undertaking will involve key officials across the federal government, including the President’s Science Advisor and the President's Council of Advisors on Science and Technology. EPIC has participated in several workshops and studies concerning the intersection of privcy and "big data."

A Senate Committee Majority Staff report released today highlights the oft-concealed practices of Data Brokers. The report finds that data brokers lack transparency and collect sensitive personal information, while individuals lack basic rights to know what data is collected or how it is used. The brokers, the report notes, prevent business customers from revealing how data is obtained. The report also exposed how personal information is often used to target the financially vulnerable. Thus far, the data broker industry has largely escaped federal regulation. In 2009, EPIC testified in support of new legislation to regulate the data broker industry. In 2005, EPIC's complaint to the FTC against data broker Choicepoint lead to a $10 million settlement. For more information, see EPIC: ChoicePoint and EPIC: Federal Trade Commission.

EPIC's Spotlight on Surveillance Project returns to put the spotlight on the Federal Bureau of Investigation's Next Generation Identification program. A billion dollar project to increase the Bureau's ability to collect biometric identifiers on millions of individuals in the United States. The FBI is currently adding facial, iris, and voice identification techniques that will greatly increase the Bureau’s ability to pursue mass surveillance. EPIC is pursuing a Freedom of Information Act lawsuit to learn more about the program. Many of the techniques now being deployed in the US were developed by the US Department of Defense for war zones. EPIC has urged greater Congressional oversight of the program and new privacy safeguards. See EPIC's Spotlight on Surveillance on FBI's Next Generation Identification Program.

In a keynote speech at the Technology Policy Institute Aspen Forum, FTC Chairwoman Edith Ramirez called upon companies to "move their data collection and use practices out of the shadow and into the sunlight." Chairwoman Ramirez highlighted the risks of big data including indiscriminate collection, data breaches, and behind-the-scenes profiling. She stressed the importance of protecting consumers' privacy and said, "with big data comes big responsibility." EPIC previously testified before Congress and called for the regulation of data brokers because there is too much secrecy and too little accountability in their business practices. EPIC has also consistently recommended that the FTC enforce Fair Information Practices, such as those contained in the Administration's Consumer Privacy Bill of Rights, against commercial actors. For more information, see EPIC: Choicepoint and EPIC: Privacy and Consumer Profiling.

The President issued an Executive Order and memorandum this week outlining the administration's new "Open Data Policy." According to the White House, the goal is to make information "accessible, discoverable, and usable by the public" and to "promote interoperability and openness." The Executive Order states that agencies should also "safeguard individual privacy, confidentiality, and national security." The White House has launched Project Open Data, a collection of code, tools, and case studies to help agencies adopt the open data policy. An article in Foreign Policy this week "Think Again: Big Data" raises provocative questions about the actual value of "Big Data." For more information on Open Government issues, see: EPIC: Open Government and EPIC: Privacy Act.

Responding to growing interest in privacy and "big data," representatives of the data protection agencies in Europe have issued an opinion on the purpose limitation principles in the context of big data. The Article 29 Working Party recommends that personal data should be collected for "specified, explicit and legitimate purposes" and that personal data not be "further processed in a way incompatible with those purposes." The group also recommended that the proposed EU data protection regulation incorporate a list of factors to aid in determining compatible uses. Last fall, EPIC Executive Director Marc Rotenberg testified in support of the proposed reform before the European Parliament, and a group of transatlantic consumer organizations wrote a letter expressing their support. For more information, see EPIC: EU Data Protection Directive.

Overview

Big data is a term for the collection of sets of data that are large and complex and then analyzing these data sets for relationships. The size of these data sets prevents traditional methods of analyzing data to be effective. Rather than focusing on precise relationships between individual pieces of data, big data uses various algorithms and techniques to to infer general trends over the entire set. What counts is the quantity of the data, rather than its quality. It looks for the correlation rather than the causation, the what rather than the why.

Big data has only become possible in the last few years with advances in collection, storage, and interpretation of data. Datafication refers to reinterpreting information into usable sets of data. Data collection, from medicine, financial institutions, social networking, and many other fields, has exploded in recent years. Storage costs for this data have plummeted which lowers the required justification for holding onto data rather than discarding it. The costs and difficulty in processing this data has also dropped. These factors, along with better techniques for analyzing the data, have allowed relationships to be discovered in ways that would not have been possible in years past.

While there are many benefits to the growth of big data analytics, many traditional methods of privacy protections fail. Many notions of privacy rely on informed consent for the disclosure and use of an individual’s private data. However, big data means that data is a resource that can be used and reused, often in ways that were inconceivable at the time the data was collected. Anonymity is also eroded in a big data paradigm. Even if every individual piece of information is striped of personal information, the relationships between the individual pieces can reveal the individual's identity.

Obama Administration Big Data Review

Following the President's speech speech on reform of the National Security Agency's bulk meta-data collection program under Section 215 of the USA Patriot Act, White House counselor John Podesta announced "a comprehensive review of the way that 'big data will affect the way we live and work; the relationship between government and citizens; and how public and private sectors can spur innovation and maximize the opportunities and free flow of this information while minimizing the risks to privacy." This was the first major privacy initiative announced by the White House since the release of the Consumer Privacy Bill of Rights in 2012. The undertaking will involve key officials across the federal government, including the President’s Science Advisor and the President's Council of Advisors on Science and Technology.

EPIC and a coalition of consumer groups has already written a letter, to John Holdren, the Director of the Office of Science and Technology Policy. EPIC urged OSTP to provide the public an opportunity to comment and suggested that the review take into consideration (but not be limited to) the following important questions about the role of Big Data in our society:

1) What potential harms arise from big data collection and how are these
risks currently addressed?

(2) What are the legal frameworks currently governing big data, and are
they adequate?

(3) How
could companies and government agencies be more transparent in
the use of big data, for example, by publishing algorithms?

(4) What technical measures could promote the benefits of big data while
minimizing the privacy risks?

(5) What experience have other countries had trying to address the
challenges of big data?

(6) What future trends concerning big data could inform the current
debate?

Public Comments by EPIC and Other Advocacy Groups

On March 4, 2014, in response to suggestions from EPIC and other consumer privacy groups, the Office of Science and Technology Policy published a Request for Information, which provides the public an opportunity to comment on the Podesta Big Data Review. EPIC submitted comments to the Podesta Review, emphasizing how the current Big Data environment poses enormous risks to ordinary Americans. EPIC emphasized the data security risks and substantial risks to student privacy that exist in the current big data regulatory environment and called for the Administration to better implement the Fair Information Practices(FIPs) first set out in 1973.

Data Brokers

Data brokers are large commercial organizations that collect vast swathes of data on millions and sometimes hundreds of millions of consumers in order to resell the data or utilize it in targeted marketing campaigns. Recently, the data broker industry as a whole has come under a great deal of scrutiny from the Federal Trade Commission and the Senate Commerce Committee. FTC Commissioner Julie Brill has announced a new initiative, "Reclaim Your Name", which is designed to promote more transparency in the data broker industry and give consumers greater control over their individual data. The Senate Commerce Committee, under the leadership of Senator Jay Rockefeller (D-WV) undertook an examination of the data broker industry this past December, holding hearings, hearings on the issue, and releasing a report, A Review of the Data Broker Industry: Collection, Use, and Sale of Consumer Data for Marketing Purposes of their findings.

Big Data Statistics

Google is more than 1 million petabytes in size and processes more than 24 petabytes of data a day, a volume that is thousands of times the quantity of all printed material in the U.S. Library of Congress.

32 billion searches are performed each month on Twitter.

More than 1 billion unique users visit YouTube each month and over 6 billion hours of video are watched each month on YouTube - that's almost an hour for every person on Earth, and 50% more than last year.

90 percent of the data in the world today has been created in the past two years.

In 2012, data was forecasted to double every two years through the year 2020.

In 2020, the amount of digital data produced will exceed 40 zettabytes, which is the equivalent of 5,200 gigabytes for every man, woman and child on planet earth.

* 1 Gigabyte = Approximately 1 full-length feature film in digital format; 1 Petabyte= One Million Gigabytes or a Quadrillion Bytes; 1 Exabyte = One Billion Gigabytes; 1 Zettabyte = One Trillion Gigabytes or One Million Petabytes.